daniel:// stenberg://Sep 21, 2025

Joshua Rogers sent us a *massive* list of potential issues in #curl that he found using his set of AI assisted tools. Code analyzer style nits all over. Mostly smaller bugs, but still bugs and there could be one or two actual security flaws in there. Actually truly awesome findings.

I have already landed 22(!) bugfixes thanks to this, and I have over twice that amount of issues left to go through. Wade through perhaps.

Credited "Reported in Joshua's sarif data" if you want to look for yourself

Show threadBrodie RobertsonSep 21, 2025
@bagder This is kind of happening in a lot of industries and should be expected, competent people will always be able to make the most of the tools they have available, but people who aren't will try to cut corners with new tools
Show threaddaniel:// stenberg://
@BrodieOnLinux indeed. In this case I'm almost blown away by the quality of some of this...
Sep 21, 2025 at 8:21amWeb